Following the directions on the main page of the static clan analyzer ( http://clang-analyzer.llvm.org/scan-build.html ) ...
I have a small C file that is badly fixed ( badcode.c):
int main(int argc, char ** argv)
{
int j;
int a[4];
puts(a[j]);
return 'a';
}
To get a basic idea of how the words of the static clang analyzer (scan-build) are executed, follow these steps:
scan-build -v clang badcode.c
It outputs:
scan-build: Emitting reports for this run to '/tmp/scan-build-2012-08-17-1'.
scan-build: 'clang' executable not found in '/usr/share/clang/scan-build/bin'.
scan-build: Using 'clang' from path: /usr/bin/clang
badcode.c:7:2: warning: implicit declaration of function 'puts' is invalid in C99 [-Wimplicit-function-declaration]
puts(a[j]);
^
1 warning generated.
scan-build: Removing directory '/tmp/scan-build-2012-08-17-1' because it contains no reports.
Ok, great, clang gives a little warning, but a.out is still being generated. And why is this not reporting? A unified variable jshould be a painfully obvious red flag for any static analyzer - why is this not being reported?
Am I just using the wrong command line arguments?